Victims of this new technique are invited to install a malicious “security certificate update” when they visit compromised websites…
Vulnerability researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices.
Subdomains including mybrowser.microsoft.com and identityhelp.microsoft.com were among ten hijacked by a team of security researchers from Vullnerability. In all, more than 670 Microsoft subdomains were found to be at risk of being taken over.
A zero-day vulnerability impacting Verisign and several SaaS services including Google, Amazon, and DigitalOcean allowed potential attackers to register .com and .net homograph domain names (among others) that could be used in insider, phishing, and social-engineering attacks against organizations.
In February, Google threw 600 apps out of its Play store. Amongst those was an app called Clean Master, a security tool promising antivirus protection and private browsing. It had more than 1 billion installs before it was evicted and, despite Google’s ban, is one of Android’s most downloaded apps ever and is likely still running on millions of phones.
Apple will pay up to half a billion dollars to settle a class action lawsuit accusing it of slowing down older iPhone models to compel users to buy new ones.
The proposed settlement agreement requires Apple (AAPL) to pay the owners of certain iPhone models $25 per affected device, totaling a minimum of $310 million and a maximum of $500 million, according to documents released on Friday in US District Court in San Jose, California. The amount each user receives could increase or decrease depending on how many claims are filed as well as any additional legal fees and expenses approved by the court, the document added….
Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use them against you….